Event Type Operational Risk Reference Taxonomy

Based on insights and data from the fiindustry data and input

“Our strategic priority was to create a common point of reference for operational risk taxonomies, laying the foundations which allow industry debate and consistent industry sharing of insights and data going forward."

Simon Wills, Executive Director, ORX

The Event Type Taxonomy is based on data and inputs from our member firms, meaning that it reflects industry practice and direction of travel.

Using information from 60 member firms who shared their taxonomies, our new reference taxonomy updates the level 1 risks proposed in our previous version and digs deeper into level 2 risks. The data we collected came from a wide range of financial institutions, allowing us to create a taxonomy that can be used by banks and insurers, no matter their size, around the world.

Empowering you to manage the operational risks of the current landscape

The taxonomy can be used as a key reference to benchmark against and observe industry trends. We haven’t created the taxonomy as a standard specifically intended to be adopted wholesale.

Instead, you can use our taxonomy to help develop your organisational taxonomies and provide industry evidence to support change.

Feedback from a recent survey of our members indicated that the ORX Reference Operational Risk Taxonomy is being adopted or considered a standard across the financial industry. Our members say it saves them time and money in implementing their own taxonomies, and is valuable tool for industry benchmarking.

Top-level observations from the data

While reviewing the submitted taxonomies, we noticed four key themes from across the data:

1. An increase in level 1 size and use of risk "themes"
2. The use of different "dimensions" to define level 2 risks
3. Causes and/or control failures were often included
4. There was clear divergence of practice between the taxonomies

To help you get the most from our updated reference taxonomy, we’ve also created guidance and supporting documentation. The guidance gives you an overview of the taxonomy and provides detailed information about each level 1 risk.

This includes definitions and examples of level 2 risks and deep dives into areas commonly debated in the industry – for example, conduct and third party. The guidance is free for ORX members and available for non-members to purchase alongside the complete ORX Operational Risk Reference Taxonomy.

New guidance added in 2023

In 2022, we ran a survey with our members to see how they're using the taxonomy and identify where we could provide further support to our community. Based on this survey, we've republished the Event Type Taxonomy with additional guidance on:

• Third party/vendor fraud
• Rogue trading
• Climate risk
• Transformation risk
• Strategic Risk
• Resilience theme
• Artificial Intelligence and Machine Learning
• Control failures and boundary risks
• Use in conjunction with the Cause and Impact Taxonomy

Disclaimer: ORX has prepared this resource with care and attention. ORX does not accept responsibility for any errors or omissions. ORX does not warrant the accuracy of the advice, statement or recommendations in this resource. ORX shall not be liable for any loss, expense, damage or claim arising from this resource. The content of this resource does not itself constitute a contractual agreement, and ORX accepts no obligation associated with this resource except as expressly agreed in writing. ©ORX 2024

Contacts: